BugTraq
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 t

APPLE-SA-2015-06-30-1 iOS 8.4 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile ap

Google Chrome Address Spoofing (Request For Comment) 2015-06-30
David Leo (david leo deusen co uk)
Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.ora

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP 2015-06-29
Fernando Muñoz (fernando null-life com)
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]

Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e.,

[SECURITY] [DSA 3297-1] unattended-upgrades security update 2015-06-29
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3297-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 29, 2015

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities 2015-06-29
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt

Vendor:
=======================
community.novius-os.org

Product:
===============================================================
novius-os.5.0

CollabNet Subversion Edge index local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "listViewItem" parameter of the "index" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora

CollabNet Subversion Edge missing single login restriction 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management missing single login
# restriction
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: No single login restriction
#
# Risk: Lo

CollabNet Subversion Edge weak password storage mechanism 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure password storage

# Risk: Medium
# Stat

CollabNet Subversion Edge missing XSRF protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: XSRF
#
# Risk: Low
# Sta

CollabNet Subversion Edge weak password policy 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement a strong password policy
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive me

CollabNet Subversion Edge autocomplete on 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management frontend login page
# password field has autocomplete enabled
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defen

CollabNet Subversion Edge missing clickjacking protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement clickjacking protection
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Clickjacking
#
# Risk

CollabNet Subversion Edge missing brute force protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge does not protect against brute
# forcing accounts
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk:

CollabNet Subversion Edge show local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via "fileName" parameter of the show action
#
# Date: 10.10.2014
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type:

CollabNet Subversion Edge insecure password change 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management frontend does not require
# current password upon password change
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure

CollabNet Subversion Edge tail local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linu

CollabNet Subversion Edge downloadHook local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "filename" parameter of the "downloadHook" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fed

CollabNet Subversion Edge Password Hash Leak 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management frontend user credential
# (hash) leak
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Credential leak
#
# Risk: Medium
# S

CollabNet Subversion Edge Hook Script Privilege Escalation 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts
# privilege escalation
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Privilege escalation desig

CSRF Vulnerability in C2Box application CVE-2015-4460 2015-06-27
wissam bashour helpag com
Please add this advisory to your archive.
Thanks.
#####################################
Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application Allows adding an Admin User or reset any user's password.
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(B.A.S)
Pro

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 2015-06-27
Tim (tc coen gmail com)
Vulnerability: Session Fixation, Reflected XSS, Code Execution
Affected Software: PivotX (http://pivotx.net/)
Affected Version: 2.3.10 (probably also prior versions)
Patched Version: 2.3.11
Risk: Medium-High

Session Fixation
================

Risk
----

Medium; If victim clicks link and logs in

[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 2

HPSBPI03360 re

[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 1

HPSBPI03107 re

[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04724996

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04724996
Version: 1

HPSBGN03362 r

[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 3

HPSBMU03267 r

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 1

HPSBUX03359 re

[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 1

HPSBGN03351 re

[SECURITY] [DSA 3296-1] libcrypto++ security update 2015-06-29
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3296-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 29, 2015

Copyright 2010, SecurityFocus